Javascript hex_md5 breaks conditional logic

It ignores the logic when you cancel the prompt.

Page 1 of 1

8 Replies - 12277 Views - Last Post: 27 September 2007 - 08:09 AM

#1 YoYo-Pete  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 26
  • Joined: 21-December 06

Javascript hex_md5 breaks conditional logic

Posted 24 September 2007 - 08:46 AM

I have a script which prompts the user to input thier PIN number. The number is then hashed and compared to the database value. This prevents the PIN from being visable in the source code.

While this is based on a PHP page, the hard coded script does not work and there lies the issue.

It appears once the hex_md5(value) is used, the conditional logic is ignored. The script is run on form submit.

This is an over simplified version of my real page that shows the issue. I almost believe it may be an issue with the way javascript works and not my coding. You guys let me know.

What should happen is the user enters a PIN (In this case the proper pin is "1717"). If the PIN does not match the hashed value in the database, then it should return false and not let the page submit.
<body>
<script language="Javascript1.2">
function testit()
	{
	var validate=prompt("Enter your PIN","Enter your PIN"); 
	if (hex_md5(validate) != '8b5700012be65c9da25f49408d959ca0') {return false;}
	}
</script>

<form action="/project_G/test2.php" method="post" >
	<input type="submit" value="Test" onclick="return testit();">
</form>
</body>


If I change the script to the following, not using the hex_md5, then it works correctly. But the PIN is then exposed in the source code.
function testit()
	{
	var validate=prompt("Sign Out Report:  G07-2633","Enter your PIN"); 
	if (validate != '1717') {	return false;}
	}


I'm stumped on how to get this to work correctly. It's kind of making me go crazy. Any ideas on how I can make this work so you cannot view source and get the PIN?

This post has been edited by YoYo-Pete: 24 September 2007 - 12:07 PM


Is This A Good Question/Topic? 0
  • +

Replies To: Javascript hex_md5 breaks conditional logic

#2 Martyr2  Icon User is offline

  • Programming Theoretician
  • member icon

Reputation: 4332
  • View blog
  • Posts: 12,127
  • Joined: 18-April 07

Re: Javascript hex_md5 breaks conditional logic

Posted 24 September 2007 - 09:49 AM

Well you are going to pretty much need the entire script to make that function work. hex_md5() is a custom function and is not part of the standard javascript. It is based on a script which has several other functions that go with it. What you have to do is download the js file that contains the functions and add it to your page. The following site has a download link for the javascript file you need....

Javascript MD5 function script (download link at the top.. it is a js file)

Once you have downloaded it, upload it to your website and add the following line at the top of your HTML page in the "head" section like so...

<html>
<head>
<title>My title goes here</title>
<script type="text/javascript" src="pathtojsfilegoeshere"></script>
</head>



Once you have linked to the javascript file (notice you have to provide the path to the file on your server or just the filename if the file is in the same directory as the HTML page) then you should be able to use your function hex_md5().

That should get you up and running with it. Enjoy! :)
Was This Post Helpful? 0
  • +
  • -

#3 YoYo-Pete  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 26
  • Joined: 21-December 06

Re: Javascript hex_md5 breaks conditional logic

Posted 24 September 2007 - 10:06 AM

::smack:: I feel pretty silly that I didnt catch that. I have the file, somehow removed the reference during an edit at some point.

This post has been edited by YoYo-Pete: 24 September 2007 - 10:10 AM

Was This Post Helpful? 0
  • +
  • -

#4 YoYo-Pete  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 26
  • Joined: 21-December 06

Re: Javascript hex_md5 breaks conditional logic

Posted 24 September 2007 - 12:10 PM

Okay.... That wasnt the problem.

I know the reference is in place as it will hash match the correct code. Wrong code returns false.

Problem is if I hit cancel on the promt, it submits the form even though the logic says return false.

Anyone have any ideas on this? I cant figure out if I'm wrong or what.
<body>
<script language="Javascript1.2" src="md5.js"></script>
<script type="text/javascript" src="md5.js"></script>
<script LANGUAGE="Javascript">
function testit()
{

	var validate=prompt("Enter your PIN","Enter your PIN");
	if (hex_md5(validate) == '8b5700012be65c9da25f49408d959ca0')
		return true;
	else
		{
		alert('The PIN you entered is not correct.');
		return false;
		}
	} 

</script>

<form action="/project_G/test2.php" method="post" >
	<input type="submit" value="Test" onclick="return testit();">
</form>
</body>

This post has been edited by YoYo-Pete: 24 September 2007 - 12:46 PM

Was This Post Helpful? 0
  • +
  • -

#5 Martyr2  Icon User is offline

  • Programming Theoretician
  • member icon

Reputation: 4332
  • View blog
  • Posts: 12,127
  • Joined: 18-April 07

Re: Javascript hex_md5 breaks conditional logic

Posted 24 September 2007 - 12:31 PM

You have to call your testit() function through the form by using onsubmit, not using the button like you are here. The button is firing the event and everything is done, the form is submitting because there is nothing telling it to stop. You can read more on the onsubmit attribute at the following address:

Example of using the onsubmit attribute of the form tag

Enjoy! :)
Was This Post Helpful? 0
  • +
  • -

#6 YoYo-Pete  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 26
  • Joined: 21-December 06

Re: Javascript hex_md5 breaks conditional logic

Posted 24 September 2007 - 12:46 PM

I had a bug in the top code... Fixed that...

But I disagree... The return true and false tell it what to do... Likewise, when I move the example into the form's onsubmit, it still has the same result.

Here's what works the way I want. When you cancel the input box it goes to the false condition because it passes a null as the value submitted. This gives the wrong PIN message when you cancel.
<script LANGUAGE="Javascript">
function testit()
{

	var validate=prompt("Enter your PIN","Enter your PIN");
	if ((validate) == '1234')
		return true;
	else
		{
		alert('The PIN you entered is not correct.');
		return false;
		}
	} 

</script>


But this does not work. It submits the form. Why is it different then the first? Only the hex_md5 is different.
<script LANGUAGE="Javascript">
function testit()
{

	var validate=prompt("Enter your PIN","Enter your PIN");
	if (hex_md5(validate) == '8b5700012be65c9da25f49408d959ca0')
		return true;
	else
		{
		alert('The PIN you entered is not correct.');
		return false;
		}
	} 

</script>


I cannot rework the page the way you state as there are 7 submit buttons that call different scripts based on what the function is. So one onsubmit will not suffice. And that still wont fix the problem. This works find for many of my methedologies, but just not with the hash.

Do you think the hash code has some type of flaw?

This post has been edited by YoYo-Pete: 24 September 2007 - 12:54 PM

Was This Post Helpful? 0
  • +
  • -

#7 Martyr2  Icon User is offline

  • Programming Theoretician
  • member icon

Reputation: 4332
  • View blog
  • Posts: 12,127
  • Joined: 18-April 07

Re: Javascript hex_md5 breaks conditional logic

Posted 24 September 2007 - 03:16 PM

Well the classic method is to put it into the onsubmit attribute of the form. However now that you tell me there are multiple submit buttons, you can attach the call to each of your submit buttons, passing in either the name or a copy of the button object (using something like the "this" pointer) and evaluate in the function which button was pressed, then submitting the form through javascript using form.action and a form.submit() call. An example of that can be found here...

W3schools - use of action property and form submit through javascript

As for whether or not the script is flawed, I have no idea. To me it looks like you are probably using it wrong. You know you can check the value of the info returned back from prompt to see if it is null and hence not use it.

function testit()
{

	var validate = prompt("Enter your PIN","Enter your PIN");
	if (validate != null) {
		if (hex_md5(validate) == '8b5700012be65c9da25f49408d959ca0')
			return true;
		else
		{
			alert('The PIN you entered is not correct.');
			return false;
		}
	}
	else { alert("Enter something silly!"); }
} 



You may also want to print out your hex_md5() return value and make sure that it matches that string in case sensitivity too!

:)
Was This Post Helpful? 0
  • +
  • -

#8 YoYo-Pete  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 26
  • Joined: 21-December 06

Re: Javascript hex_md5 breaks conditional logic

Posted 25 September 2007 - 05:55 AM

I think it's the script as it works correctly when I dont use the hash... Adding it in causes the cancel on the submit to submit instead of using the logic to return false.

Even when I put the script on the form, it does not work.

I'm going to have to figure out a work around as it's definatly the script.
Was This Post Helpful? 0
  • +
  • -

#9 YoYo-Pete  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 26
  • Joined: 21-December 06

Re: Javascript hex_md5 breaks conditional logic

Posted 27 September 2007 - 08:09 AM

I figured it out... I checked to see if the prompt was canceled. If so I retured false. If not, I then do a hash value check.

<script LANGUAGE="Javascript">
function testit()
{
	var validate=prompt("Enter your PIN","Enter your PIN");
	if (validate != '' && validate != null) {
		  if (hex_md5(validate) == '8b5700012be65c9da25f49408d959ca0')
			return true;
		else
			{
			alert('The PIN you entered is not correct.');
			return false;
			}
		
	} else {
		return false;
	}
}
</script>

Was This Post Helpful? 0
  • +
  • -

Page 1 of 1